On Thu, 2004-08-26 at 05:30, Lance Hoffmeyer wrote: > Running SARGE. I have everything installed > and appears to be installed correctly. If > I login as user postgres I can login to > a database phpgroupware. If I am any other > user and I run command > > psql phpgroupware -U postgres -W > > I get error > > psql: FATAL: IDENT authentication failed for user "postgres" > > also, I cannot create phpgroupware database from phpgroupware > admin? > > What have I got setup incorrectly?
I don't know the insides of phpgroupware, but let me explain PostgreSQL's authentication. You connect either as a local client using Unix sockets (hostname is blank) or through TCP/IP with or without SSL (hostname is not blank); these three modes of access are represented in /etc/postgresql/pg_hba.conf by lines beginning "local", "host-ssl" or "host" respectively. You connect to a specified database as a specified user. If you are connecting through TCP/IP you are coming from some particular host. The first line in pg_hba.conf to match the combination of access mode, database, user and (for TCP/IP only) source IP address is the line that governs how your access is authenticated. The default access mode in Debian PostgreSQL is "ident sameuser"; this means that the postmaster checks that the database user being requested is the same as the system login. This means that you can access PostgreSQL securely without having to enter a password every time you connect. When you access through the web, you cannot use ident authentication because the system user requesting access is the owner of the webserver (usually www-data) rather than yourself; so web-based database access must use passwords - specify authentication mode "md5" in pg_hba.conf. Remember you must set passwords for all users with ALTER USER WITH PASSWORD xxxxxxx before you change the authentication mode. A user with no password cannot get in at all. I presume that phpgroupware is the same kind of animal; it must be running under some other user name, so it cannot use ident authentication; you must specify md5 authentication mode in the pg_hba.conf line that governs the connection. If you want to avoid having the same change made for all accesses, arrange to have phpgroupware connect to hostname localhost (thus using TCP/IP) while default psql access will be to a blank hostname, thus using a Unix socket. The two different access modes can have different authentication, as explained above. Oliver Elphick maintainer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
